We built Riptides to solve the problem every AI team hits when they move agents from prototype to production: there is no security layer designed for how AI agents actually work.
In 2023, the team behind Riptides was running a multi-agent research system inside a financial services environment. We needed to audit exactly which agent accessed which data source, at what time, and under which task context. We discovered there was no infrastructure-level way to do that.
Every AI agent framework we evaluated treated identity as an application-layer concern - something you bolt on after the fact using the same static API keys your human engineers use. That approach fails the moment you have more than a handful of agents, and it fails catastrophically when agents start calling other agents.
We founded Riptides to fix identity and policy enforcement at the runtime layer, below the application code, before the frameworks. If you solve identity correctly, audit trails, policy enforcement, and incident response all become tractable problems.
Riptides is backed by Oktogon Ventures through a seed round investment.
We operate at the runtime layer, not the application layer. That means Riptides works regardless of which AI framework, which model provider, or which orchestration tool your team uses.
Security controls belong in the infrastructure, not scattered across application code. Riptides integrates at the process and network boundary, not inside your agent logic.
Every agent starts with zero permissions and explicitly gains only what its current task requires. Privilege escalation is opt-in and auditable, not the default state.
Every identity, every policy decision, every tool call is emitted as a structured event. Your existing SIEM and observability stack receives the signal. No custom dashboards required to get started.
You can run a handful of AI agents without identity infrastructure. You cannot run hundreds. The teams we work with are at the inflection point where they discover this, and we help them get ahead of it.
Our deployment model was designed from day one to add security controls without requiring teams to rearchitect their agent code. If adding Riptides requires a sprint of refactoring, we have failed.
Regulated industries using AI agents are not going to get a pass from auditors. We treat structured, queryable audit output as a first-class feature, not an afterthought.
Riptides integrates with the tools your team already uses: your SIEM, your IDP, your orchestration platform. We do not require you to adopt a proprietary ecosystem to get security coverage.
Talk to the team about your specific environment and agent architecture.
Contact Us Meet the Team